Privacy Policy

Last updated: April 20, 2026

Tessera is a small, founder-run product in active beta. This policy describes, in plain English, what data we collect, how we store it, and what we never do with it. If anything here is unclear, email hey@tessera.app and we'll answer you directly.

What Tessera is

Tessera is a web application that helps you model your product as a connected, structured graph of personas, flows, screens, decisions, and the relationships between them. You sign in, create projects, and save models.

Where your data lives

  • Database: Your projects and models are stored in Supabase, a managed Postgres provider.
  • Authentication: Sign-in and account management are handled by Clerk. Clerk stores your email and any OAuth identifiers you link.
  • Hosting: The Tessera site and application run on Vercel.
  • AI generation: Model generation and review use various LLMs (Large Language Models). Prompts and responses pass through these LLMs as part of producing your model.

What we collect

  • Account information: Email address, and any profile details you provide during sign-up (handled by Clerk).
  • Product model data: The content you create or paste into Tessera. Research, PRDs, personas, flows, problems, entities, and anything else you add to a project.
  • Usage data: Basic request logs (timestamps, IPs, user agents) for security and debugging. Vercel Analytics collects anonymized page-view data. PostHog captures product interaction events (button clicks, completed flows) so we can understand what's working. We do not record session video. Events are tied to your account but never include your project content.
  • Beta signups: If you submit your email on the landing page, we store it so we can invite you to the beta.
  • Feedback you send: When you submit feedback from the in-app Send Feedback modal, we store your message, category, the page you were on, your user agent, and your account email so we can respond.

What we don't do

  • We do not sell your data. Not now, not later.
  • We do not share your project content with third parties for marketing, analytics, or training purposes.
  • We do not train AI models on your project data. OpenAI's API terms prohibit training on inputs by default, and we don't opt in.
  • We do not send marketing emails beyond the ones directly related to your beta access and product updates you can unsubscribe from.

Requesting your data or deletion

You own your data. Email hey@tessera.app from the address on your account and we will:

  • Export your data in a structured format on request, or
  • Delete your account and all associated project data, including anything stored in Supabase and Clerk, within 30 days.

Cookies

Tessera uses cookies required for authentication (set by Clerk) and for remembering your display preferences. We do not use advertising cookies or cross-site trackers.

Children

Tessera is not directed at children under 13 and we don't knowingly collect data from them.

Changes to this policy

We'll update this page when our practices change. The date at the top always reflects the most recent revision. Material changes will be announced to beta users by email.

Contact

Questions, concerns, or data requests go to hey@tessera.app. A real person reads every message.